No more web site with boring session limitation

By elahmadi
High solution technique for Web-site designing.

There are many web sites that are required to be secure and need session limitation, because users may forget to log out, so the session will expire for security & performance purposes. But what about some users?

They just get busy doing other tasks at their desk, or talking on the phone, or get busy for any reason. This is sooo boring when the message comes into view...



" Sorry ...

The page you have requested cannot be rendered.

This could be because your session has timed out due to inactivity. Please sign on again."



Some web sites, like "GALAXY, THE UNITED NATIONS e-STAFFING SYSTEM", use a highly sophisticated technique.

A message box appears to inform you that your session has been left for a long time with no activity and that it will log off after 30 sec (a countdown timer starts): "Do you want to continue working?" There is an OK button & a Logoff button. So if the user is not available to take action during these 30 sec, it will end the session due to inactivity.

by Eng. Amir A. Elahmadi
Systems Engineer

and.....???

by awfernald In reply to No more web site with bor ...

I'm trying to understand what you are trying to say here?

Are you trying to say that people should not be using the session expiration on secure sites? or are you trying to say that they need to have popups to tell you your session will soon be expiring? or are you trying to say that you are tired of having your sessions expire because you are getting distracted?

Taking the idea a little further

by zging In reply to No more web site with bor ...

We develop a CMS system for our websites, and for several of the sites, we manage the contents ourselves.

Because we use HTML WYSIWYG interfaces in the page, there is the possibility of the session timing out when someone is working for a while on the content, and then they lose it. Because of this, my colleague drove me to solve the problem.

What I did was create a small flash app which sits on every page (in the titlebar) and counts down to when the session is about to time out. Once it times out, the user has two options with this. They can get the flash app to refresh the session automatically, or have the flash app log them out of the system (to the login screen) thus giving the user the choice (depending on their location/situation) on how they want this security feature to behave.

I found this works well, and it's solved my colleague's frustration!!

If you have any ideas on this/ improvements etc, I'd love to hear them (I just thought of the additional option of adjusting the time out in the flash app... hmmm)


by Nathan brown
Technical Director

NOTE: I have recently noticed some inconsistency in the success of using flash to do this with different versions of windows/IE. Any feedback here would be great.
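
The warning-then-logoff behaviour described in the first post and in the countdown app above, sketched as a small state machine. This is an added example, not code from any poster: the class name `IdleSession` and the 15-minute idle limit are assumptions, and only the 30-second warning comes from the thread.

```javascript
// Added example: client-side idle tracker with a warning countdown.
// idleMs is an assumed value; the 30 s warning is the figure from the post.
class IdleSession {
  constructor({ idleMs = 15 * 60 * 1000, warnMs = 30 * 1000, now = Date.now } = {}) {
    this.idleMs = idleMs;
    this.warnMs = warnMs;
    this.now = now;               // injectable clock, so the logic is testable
    this.lastActivity = now();
    this.warningSince = null;     // non-null while the dialog is showing
    this.ended = false;
  }

  // Wire to keydown/click events. Ignored while the dialog is up, so only
  // an explicit "OK" continues the session.
  activity() {
    if (!this.ended && this.warningSince === null) this.lastActivity = this.now();
  }

  // Poll about once a second and render the returned state.
  tick() {
    if (this.ended) return { state: 'logged_out', secondsLeft: 0 };
    const t = this.now();
    if (this.warningSince === null && t - this.lastActivity >= this.idleMs) {
      this.warningSince = this.lastActivity + this.idleMs;
    }
    if (this.warningSince === null) return { state: 'active', secondsLeft: null };
    const left = this.warnMs - (t - this.warningSince);
    if (left <= 0) return this.logoff();
    return { state: 'warning', secondsLeft: Math.ceil(left / 1000) };
  }

  // "OK" button. Refused if the countdown has already run out. The caller
  // must also send a keep-alive request: the server's own idle limit is
  // what actually ends the session, this object only drives the dialog.
  continueWorking() {
    if (this.tick().state !== 'warning') return false;
    this.warningSince = null;
    this.lastActivity = this.now();
    return true;
  }

  // "Logoff" button, or the countdown reaching zero.
  logoff() {
    this.ended = true;
    return { state: 'logged_out', secondsLeft: 0 };
  }
}
```

The server has to enforce the same idle limit plus the warning window itself; a client that never runs this script must still be logged out.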

cookie handling

by apotheon In reply to Taking the idea a little ...

You could, very simply, use customizable cookie handling for logins. Allow the person signing in to choose what kind of login they will use, and the site should issue a cookie accordingly. Popular types on many websites are:
1. always logged in (probably not appropriate for you)
2. stay logged in until explicitly logging out
3. stay logged in until browser window is closed
4. time-out session logout (what you currently use)

I don't know if that's appropriate to your needs, but it's appropriate for most.

Cookie handling - secure enough?

by zging In reply to cookie handling

I see what you mean, the cookies could be used to auto login to particular sites etc. but are they secure enough?

Surely if someone has knowledge of the login system you use (easy enough to see by looking at current cookies on a computer used to login) then they could replicate this at will, completely overriding your security?

I'm not much of a fan of 'auto-login' for anything that you can be held accountable for (forums, CMS systems etc) or even using cookies to aid login.

Sorry, I'm not trying to shoot you down, as I will be incorporating some of these ideas soon (if I can make sure they're secure enough - i.e. use encryption/timestamps or something similar)

And I suppose at the end of the day it's mainly the case of making sure that your computer/ user profile is secure, and not easily accessed.
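
The four login types listed in the "cookie handling" post, combined with the timestamp idea raised in this reply, as an added example that is not code from either poster. The mode names, the cookie name `sid`, the function names and every lifetime are assumptions; the cookie holds only an opaque random id and the timestamps live in the server-side record.

```javascript
// Added example: one cookie policy per login type from the list above.
// All lifetimes are assumed values, in seconds.
const DAY = 24 * 60 * 60;
const MODES = {
  always:       { cookieMaxAge: 365 * DAY, absoluteSec: 365 * DAY, idleSec: null },
  until_logout: { cookieMaxAge: 30 * DAY,  absoluteSec: 30 * DAY,  idleSec: null },
  until_close:  { cookieMaxAge: null,      absoluteSec: 12 * 3600, idleSec: null },
  idle_timeout: { cookieMaxAge: null,      absoluteSec: 12 * 3600, idleSec: 15 * 60 },
};

// The cookie value is a random session id supplied by the caller (from a
// CSPRNG). It encodes nothing about the user or the login scheme, so
// reading a cookie does not show how to construct another one.
function setCookieHeader(mode, sessionId) {
  const m = MODES[mode];
  if (!m) throw new Error(`unknown login mode: ${mode}`);
  const parts = [`sid=${sessionId}`, 'Path=/', 'Secure', 'HttpOnly', 'SameSite=Lax'];
  // Without Max-Age the browser treats it as a session cookie.
  if (m.cookieMaxAge !== null) parts.push(`Max-Age=${m.cookieMaxAge}`);
  return parts.join('; ');
}

// Server-side record keyed by the session id; the timestamps are kept
// here, where the client cannot edit them.
function newSession(mode, nowSec) {
  if (!MODES[mode]) throw new Error(`unknown login mode: ${mode}`);
  return { mode, issuedAt: nowSec, lastSeen: nowSec, revoked: false };
}

// Called on every request. Explicit logout sets rec.revoked = true.
function checkSession(rec, nowSec) {
  const m = MODES[rec.mode];
  if (rec.revoked) return false;
  if (nowSec - rec.issuedAt > m.absoluteSec) return false;
  if (m.idleSec !== null && nowSec - rec.lastSeen > m.idleSec) return false;
  rec.lastSeen = nowSec;
  return true;
}
```

A copied session id still works until one of these limits or a logout ends it, which is the exposure the longer-lived modes accept.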

education

by apotheon In reply to Cookie handling - secure ...

I'm afraid you're going to have to educate yourself more fully in the matter. I don't know enough about your situation to be able to tell you how you can go about securing access to the site, right now. If I were to develop a complete solution for you, you'd have to pay something like $75/hr.

There are a lot of things you can do to increase security of cookie-based logins, especially if you're incorporating that into a collection of other security measures relating to how your website is run. There are other approaches to secure logins as well, but I don't know what your server supports, and thus I don't have a whole lot of idea of what to recommend. You should probably learn some Perl, or perhaps PHP (though PHP-based login security is often more easily compromised than Perl), and write some conditional login scripts.
